CVE-2016-6710
Last modified
CVE-2016-6710 is a vulnerability of currently unknown severity. An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Android | >= 5.0, < 5.0.2 | |
| Android | >= 5.1, < 5.1.1 | |
| Android | >= 6.0, <= 6.0.1 | |
| Android | 7.0 |
References
- http://www.securityfocus.com/bid/94170Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/94170Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-6710?
How severe is CVE-2016-6710?
How do I fix CVE-2016-6710?
Are you affected by CVE-2016-6710?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST